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CLAIMS 



1 . (original) A method of managing a virtual private network, the method comprising: 

receiving a request to join a given virtual private network having a set of network 
devices, the request being received from a given network device having a given network device 
identifier that identifies the given network device; 

retrieving, from a network device memory set, a set of network device identifiers that 
identify all network devices in the set of network devices; 

forwarding a notify message to each network device in the set of network devices, the 
notify message including the given network device identifier; 

forwarding a join message to the given network device, the join message including the set 
of network device identifiers; and 

storing, in the network device memory set, the given network device identifier. 

2. (original) The method as defined by claim 1 wherein in response to receipt of the notify 
message, at least one of the set of network devices communicates with the given network device 
to establish a communication tunnel with the given network device. 

3. (original) The method as defined by claim 1 wherein in response to receipt of the join 
message, the given network device communicates with at least one of the network devices in the 
set of network devices to establish a communication tunnel with the at least one of the set of 
network devices. 

4. (original) The method as defined by claim 1 wherein the request includes a network identifier 
identifying the given virtual private network. 

5. (original) The method as defined by claim 1 wherein the total number of network devices in 
the set of network devices equals zero, the network device memory set being a database that is 
established for the given virtual private network in response to receipt of the request. 
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6. (original) The method as defined by claim 1 wherein the request is received from a packet 
based network. 

7. (original) The method as defined by claim 1 further comprising: 

authenticating the request to confirm the identify of the given network device. 

8. (original) The method as defined by claim 1 wherein each network identifier is an Internet 
Protocol address. 

9. (original) The method as defined by claim 1 further comprising: 

receiving a remove message from a remove network device; 
retrieving all network device identifiers from the network device memory set; and 
forwarding a first message to all network devices identified by retrieved network device 
identifiers, each first message including a remove identifier identifying the remove network 



10. (original) The method as defined by claim 9 wherein the response to receipt of the first 
message, at least one of the network devices in the set of network devices disconnects a 
communication tunnel between the at least one network device and the remove network device. 

1 1 . (original) The method as defined by claim 9 further comprising: 

forwarding a second message to the remove network device, the second message 
including the retrieved network device identifiers. 

12. (original) The method as defined by claim 1 wherein the join message and notify message 
include data identifying the given virtual private network. 



device. 



13. (original) The method as defined by claim 1 further comprising: 
generating the notify message and the join message. 
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14. (original) An apparatus for managing a virtual private network, the apparatus comprising: 

an input that receives a request to join a given virtual private network having a set of 
network devices, the request being received from a given network device having a given network 
device identifier that identifies the given network device; 

data storage for storing a set of network device identifiers that identify all network 
devices in the set of network devices; 

a message generator that generates a notify message and a join message, the notify 
message including the given network device identifier, the join message including the set of 
network device identifiers; 

a request parser that parses the request to determine the given network device identifier 
for storage in the data storage; and 

an output that forwards one copy of the notify message to each network device in the set 
of network devices, the output also forwarding the join message to the given network device. 

15. (original) The apparatus as defined by claim 14 wherein in response to receipt of the notify 
message, at least one of the set of network devices communicates with the given network device 
to establish a communication tunnel with the given network device. 

16. (original) The apparatus as defined by claim 14 wherein the response to receipt of the join 
message, the given network device communicates with at least one of the network devices in the 
set of network devices to establish a communication tunnel with the at least one of the set of 
network devices. 

17. (original) The apparatus as defined by claim 14 wherein the request includes a network 
identifier identifying the given virtual private network. 

18. (original) The apparatus as defined by claim 14 wherein the total number of network devices 
in the set of network devices equals zero, the data storage including a database that is generated 
for the given virtual private network in response to receipt of the request. 
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19. (original) The apparatus as defined by claim 14 wherein the request is received from a packet 
based network. 

20. (original) The apparatus as defined by claim 14 further comprising: 

an authentication module operatively coupled with the input, the authentication module 
authenticating the request to confirm the identity of the given network device. 

21. (original) The apparatus as defined by claim 14 wherein each network identifier is an Internet 
Protocol address. 

22. (original) The apparatus as defined by claim 14 wherein the input receives a remove message 
from a remove network device, the remove network device being one of the set of network 
devices, the apparatus further comprising: 

retrieval logic that retrieves all network device identifiers from the network device 
memory set; and 

a removal message generator operatively coupled with the retrieval logic, the removal 
message generator generating a first message having a remove identifier identifying the remove 
network device, the output forwarding the first message to all network devices identified by 
retrieved network device identifiers. 

23. (original) The apparatus as defined by claim 22 wherein in response to receipt of the first 
message, at least one of the network devices in the set of network devices disconnects a 
communication tunnel between the at least one network device and the remove network device. 

24. (original) The method as defined by claim 22 wherein the remove message generator 
generates a second remove message that is forwarded to the remove network device, the second 
remove message including the retrieved network device identifiers. 

25. (original) The method as defined by claim 145 wherein the join message and notify message 
include data identifying the given virtual private network. 
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26. (original) A computer program product for use on a computer system for managing a virtual 
private network, the computer program product comprising a computer usable medium having 
computer readable program code thereon, a computer readable program code including: 

program code for receiving a request to join a given virtual private network having a set 
of network devices, the request being received from a given network device having a given 
network device identifier that identifies the given network device; 

program code for retrieving, from a network device memory set, a set of network device 
identifiers that identify all network devices in the set of network devices; 

program code for retrieving, from a network device memory set, a set of network device 
identifiers that identify all network devices in the set of network devices; 

program code for forwarding a notify message to each network device in the set of 
network devices, the notify message including the given network device identifier; 

program code for forwarding a join message to the given network device, the join 
message including the set of network device identifiers; and 

program code for storing, in the network device memory set, the given network device 
identifier. 

27. (original) The computer program product as defined by claim 26 wherein in response to 
receipt of the notify message, at least one of the set of network devices communicates with the 
given network device to establish a communication tunnel with the given network device. 

28. (original) The computer program product as defined by claim 26 wherein in response to 
receipt of the join message, the given network device communicates with at least one of the 
network devices in the set of network devices to establish a communication tunnel with the at 
least one of the set of network devices. 

29. (original) The computer program product as defined by claim 26 wherein the request includes 
a network identifier identifying the given virtual private network. 
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30. (original) The computer program product as defined by claim 26 wherein the total number of 
network devices in the set of network devices equals zero, the network device memory set being 
a database that is established for the given virtual private network in response to receipt of the 
request. 

31. (original) The computer program product as defined by claim 26 wherein the request is 
received from a packet based network. 

32. (original) The computer program product as defined by claim 26 further comprising: 

program code for authenticating the request to confirm the identity of the given network 

device. 

33. (original) The computer program product as defined by claim 26 wherein each network 
identifier is an Internet Protocol address. 

34. (original) The computer program product as defined by claim 26 further comprising: 

program code for receiving a remove message from a remove network device; 
program code for retrieving all network device identifiers from the network device 
memory set; 

program code for generating a first message having a remove identifier identifying a 
remove network device; and 

program code for forwarding the first message to all network devices identified by 
retrieved network device identifiers. 

35. (original) The computer program product as defined in claim 34 wherein in response to 
receipt of the first message, at least one of the network devices in the set of network devices 
disconnects a communication tunnel between at least one network device and remove network 
device. 

36. (original) The computer program product as defined by claim 34 further comprising: 
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program code for generating a second message having the retrieved network device 
identifiers; and 

program code for forwarding the second message to the remove network device. 

36. (original) The computer program product as defined by claim 34 further comprising: 

program code for generating a second message having the retrieved network device 
identifiers; and 

program code for forwarding the second message to the remove network device. 

37. (original) The computer program as defined by claim 26 wherein the join message and notify 
message include data identifying the given virtual private network. 

38. (original) the computer program product as defined by claim 26 further comprising: 

program code for generating the notify message; and 
program code for generating the join message. 

39. (original) A method of managing a virtual private network having a set of member network 
devices, each member network device being identified by a device identifier, the method 
comprising: 

maintaining a storage device having the device identifier of each member of the set of 
network devices, the storage device being updated as network devices are added to and removed 
from the virtual private network; 

receiving a request to join the virtual private network, the request being received from a 
given network device having a given network device identifier and data identifying the virtual 
private network; 

generating a notify message having the given network device identifier; 
generating a join message having the device identifiers in the storage device; 
forwarding the notify message to each of the set of network devices; and 
forwarding the join message to the given network device. 
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40. (original) The method as defined in claim 39 wherein in response to receipt of the notify 
message, at least one of the set of network devices communicates with the given network device 
to establish a communication tunnel with the given network device. 

41. (original) The method as defined by claim 39 wherein in response to receipt of the join 
message, the given network device communicates with at least one of the member network 
devices to establish a communication tunnel with the at least one member network device. 

42. (original) The method as defined by claim 39 further comprising: 

authenticating the request to confirm the identity of the given network device. 

43. (original) The method as defined by claim 39 further comprising: 

receiving a remove message from a remove network device; 
retrieving all device identifiers from the storage device; and 
forwarding a first message to all network devices identified by retrieved device 
identifiers, each first message including a remove identifier identifying the remove network 



44. (original) The method as defined by claim 43 wherein in response to receipt of the first 
message, at least one of the member network devices disconnects a communication tunnel 
between the at least one member network device and the remove network device. 

45. (original) The method as defined by claim 43 further comprising: 

forwarding a second message to the remove network device, the second message 
including the retrieved device identifiers. 



device. 



46. (original) A computer program product for use on a computer system for managing a virtual 
private network having a set of member network devices, each member network device being 
identified by a device identifier, the computer program product comprising a computer usable 
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medium having computer readable program code thereon, the computer readable program code 
including: 

program code for maintaining a storage device having the device identifier of each 
member of the set of network devices, the storage device being updated as network devices are 
added to and removed from the virtual private network; 

program code for receiving a request to join the virtual private network, the request being 
received from a given network device having a given network device identifier and data 
identifying the virtual private network; 

program code for forwarding the notify message to each of the set of network devices; 

and 

program code for forwarding the join message to the given network device. 

47. (original) The computer program product as defined by claim 46 wherein in response to 
receipt of the notify message, at least one of the set of network devices communicates with the 
given network device to establish a communication tunnel with the given network device. 

48. (original) The computer program product as defined by claim 46 wherein in response to 
receipt of the join message, the given network device communicates with at least one of the 
member network devices to establish a communication tunnel with the at least one member 
network device. 

49. (original) The computer program as defined by claim 46 further comprising: 

program code for authenticating the request to confirm the identity of the given network 

device. 

50. (original) The computer program product as defined by claim 46 further comprising: 

program code for receiving a remove message from a remove network device; 
program code for retrieving all device identifiers from the storage device; and 
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program code for forwarding a first message to all network devices identified by retrieved 
device identifiers, each first message including a remove identifier identifying the remove 
network device. 

51. (original) The computer program product as defined by claim 50 wherein in response to 
receipt of the first message, at least one of the member network devices disconnects a 
communication tunnel between the at least one member network device and the remove network 
device. 

52. (original) The computer program product as defined by claim 50 further comprising: 

program code for forwarding a second message to the remove network device, the second 
message including the retrieved device identifiers. 

53. (original) A method of managing a virtual private network, the method comprising: 

a given network device transmitting a request to join the virtual private network having a 
set of network devices, the given network device having a given network device identifier that 
identifies the given network device; 

retrieving, from a network device memory set, a set of network device identifiers that 
identify all network devices in the set of network devices; 

forwarding a notify message to each network device in the set of network devices, the 
notify message including the given network device identifier; 

forwarding a join message to the given network device, the join message including the set 
of network device identifiers; and 

storing, in the network device memory set, the given network device identifier. 

54. (original) The method as defined by claim 53 further comprising: 

receiving the notify message; 

retrieving the given network device identifier from the received notify message; and 
establishing a communication tunnel to the given network device after the given network 
device identifier is retrieved. 



